git.ipfire.org Git - thirdparty/snort3.git/log
Russ Combs (rucombs) [Wed, 24 Nov 2021 16:21:01 +0000 (16:21 +0000)] 
Pull request #3175: Wizard Updates for Talos

Merge in SNORT/snort3 from ~RUCOMBS/snort3:ff_ff to master

Squashed commit of the following:

commit 472d7f7b3c90c3229ee7f9ef1a4750e1bd26ae06
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 21 08:05:51 2021 -0500

    wizard: add patterns to match unknown HTTP and SIP methods

commit 494a587f21fcfbceb8b95bb859082dad8290013e
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 19 11:07:32 2021 -0500

    wizard: remove telnet IAC pattern

Mike Stepanek (mstepane) [Wed, 24 Nov 2021 12:59:44 +0000 (12:59 +0000)] 
Pull request #3178: Value::get_long(), replacing with platform-independent type

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_32_64 to master

Squashed commit of the following:

commit 5faafb2d57279064269cb3a58d1b136fd3742d44
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 19 16:12:50 2021 +0200

    framework: replace Value::get_long() with a platform-independent type

Russ Combs (rucombs) [Tue, 23 Nov 2021 21:34:24 +0000 (21:34 +0000)] 
Pull request #3160: Dead code

Merge in SNORT/snort3 from ~RUCOMBS/snort3:dead_code to master

Squashed commit of the following:

commit 4822f91965a6219c28d2786d02a1d302a23cd2db
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 10 09:00:16 2021 -0500

    utils: reduce flex generation of unused js normalizer code

commit be2f17d4a46e4461094d7bf1a4c6ace4aad49471
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 22:51:29 2021 -0500

    appid: exclude stubs from coverage

commit 787e0ab1671fc9c3f7aebf6f022731acdcd5e43f
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 16:00:05 2021 -0500

    stream_user: refactor, remove cruft

commit 87c9afe6b700e32ffdb11a3f14d7e716cefe76d1
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 12:47:58 2021 -0500

    rna: refactor unit test stubs

commit 7b18a15516928e54df078a95e23d2c728d23519e
Author: russ <rucombs@cisco.com>
Date:   Tue Nov 9 12:44:47 2021 -0500

    search_engines: remove unused test code

commit 6428b1fe7286fafd5b263fd26cc93714687cad3c
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 15:20:25 2021 -0500

    reputation: remove unused sfrt code

commit 192adfc363122d0e192bb4c931521542829b5035
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 14:07:55 2021 -0500

    piglets: refactor support code

commit c75c67c9979d58f32101aa041fbc2212e4a9429d
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 13:36:14 2021 -0500

    alert_sf_socket: remove obsolete logger

commit c8681a19ffd3c9184d7670a19f3ad7be55255f70
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 11:57:24 2021 -0500

    build: remove config.h from headers

commit 5b102d96778edb30a10767f6d9e07d0fc859352a
Author: russ <rucombs@cisco.com>
Date:   Mon Nov 8 07:05:33 2021 -0500

    unified2: remove cruft

commit a42e9e174445af49633dcbcfec39cef73a53f7d2
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 7 05:47:39 2021 -0500

    stream_tcp: remove unused unit test code

commit bb40e0e171418955f025d1db6485f1e08a6dc9c2
Author: russ <rucombs@cisco.com>
Date:   Fri Nov 5 15:24:11 2021 -0400

    build: remove unreachable code

Mike Stepanek (mstepane) [Tue, 23 Nov 2021 19:10:01 +0000 (19:10 +0000)] 
Pull request #3174: Switch FlexLexer to batch mode.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:flex_batch to master

Squashed commit of the following:

commit 4cb787d5a367bb775fee452a828d8cfc67c78b43
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 12 15:59:53 2021 +0200

    utils: do output adjustment in case of carryover

commit facc72c26fd8d001effa2970579eee9c5705dd23
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 11 17:13:06 2021 +0300

    utils: enable batch mode for Flex

    New options engaged: -Caf -8 'batch' 'never-interactive'

Pranav Bhalerao (prbhaler) [Tue, 23 Nov 2021 03:05:49 +0000 (03:05 +0000)] 
Pull request #3170: http_inspect: Storing ole data in msg_body

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCwa20585 to master

Squashed commit of the following:

commit d87b2ece8def9c857d29df967934418cda85b897
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Nov 17 04:47:56 2021 -0500

    http_inspect: Storing ole data in msg_body

Mike Stepanek (mstepane) [Mon, 22 Nov 2021 14:38:54 +0000 (14:38 +0000)] 
Pull request #3177: Crunch warning.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:warning_fix to master

Squashed commit of the following:

commit cd5723264c63ca00476d258ec6f4ab9aa25b4750
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Nov 22 14:11:02 2021 +0200

    utils: pass an address into memset instead of object

Tom Peters (thopeter) [Fri, 19 Nov 2021 20:13:10 +0000 (20:13 +0000)] 
Pull request #3167: Fixes for abort issues

Merge in SNORT/snort3 from ~KATHARVE/snort3:abort_issues to master

Squashed commit of the following:

commit 3a43d1e4887d820be2886edaa3185a5c8975fa5d
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:32:41 2021 -0500

    http_inspect: update comments for asserts in eval and clear

commit 3ccf3b7e0f9c4b453f56015b52aeb16c1ed747c0
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:27:37 2021 -0500

    stream_tcp: only fallback if stream splitter aborted and don't keep processing fragments after MagicSplitter returned STOP

commit 6731a11f9bf7b5de9c5e348d0f1311dd6a376ba9
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Oct 27 20:05:38 2021 -0400

    framework: don't call a gadget's eval() or clear() after its stream splitter aborted

commit 3c60508fca0b13f14f55632b35d1ca84ea134e57
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Nov 15 11:22:41 2021 -0500

    http_inspect: fix total_bytes peg count

Mike Stepanek (mstepane) [Fri, 19 Nov 2021 14:02:33 +0000 (14:02 +0000)] 
Pull request #3169: Reset Normalizer's context when new script starts

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_buffers_fix to master

Squashed commit of the following:

commit bdee3121765f854f41e2a46b9a2a557408314fab
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Nov 16 11:18:33 2021 +0200

    utils: reset Normalizer context when new script starts

    Since Normalizer contexts are no longer recreated for each new script started,
    a method to reset internal state was added.

    If a script continues in the next chunk, then context is not reset,
    but is being prepared to process the new chunk as a continuation.

Russ Combs (rucombs) [Thu, 18 Nov 2021 15:09:18 +0000 (15:09 +0000)] 
Pull request #3168: catch: update catch to v2.13.7

Merge in SNORT/snort3 from ~SHASLAD/snort3:catch_update to master

Squashed commit of the following:

commit 37e358c3aa01e8b260f0fc56e3d03e01e18d3eb3
Author: Shashi Lad <shaslad@cisco.com>
Date:   Mon Nov 15 14:42:09 2021 -0500

    catch: update catch to v2.13.7

Mike Stepanek (mstepane) [Wed, 17 Nov 2021 21:15:17 +0000 (21:15 +0000)] 
Pull request #3144: doc: update wizard's information

Merge in SNORT/snort3 from ~YVELYKOZ/snort3:wizard_testing to master

Squashed commit of the following:

commit 4465a1347f1ec17336c5751f111d6fe87f7df3c9
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Tue Nov 2 16:24:30 2021 +0200

    doc: update wizard documentation

tag: 3.1.17.0
Steve Chew (stechew) [Wed, 17 Nov 2021 19:52:12 +0000 (19:52 +0000)] 
Pull request #3171: build: generate and tag 3.1.17.0

Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.17.0 to master

Squashed commit of the following:

commit 86b337f041adc1b307500a992316b46acf93539b
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Nov 17 13:28:17 2021 -0500

    build: generate and tag 3.1.17.0

Russ Combs (rucombs) [Tue, 16 Nov 2021 00:46:54 +0000 (00:46 +0000)] 
Pull request #3165: detection: ensure PDUs indicate parent when available

Merge in SNORT/snort3 from ~RUCOMBS/snort3:packet_parent to master

Squashed commit of the following:

commit 75d45c3311339e0550b5262bf907ccecf4c3f2f4
Author: russ <rucombs@cisco.com>
Date:   Sun Nov 14 07:36:43 2021 -0500

    detection: ensure PDUs indicate parent when available

Pranav Bhalerao (prbhaler) [Fri, 12 Nov 2021 08:45:19 +0000 (08:45 +0000)] 
Pull request #3162: ips_option: Enabling trace for vba_data options and fixing memory leak while extracting vba_data

Merge in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCwa12304 to master

Squashed commit of the following:

commit 4dce4794eea4a63b0fe8c77907d24aaed3e198d3
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Thu Nov 11 03:04:44 2021 -0500

    ips_option: Enabling trace for vba_data options and fixing memory leak while extracting vba_data

Tom Peters (thopeter) [Thu, 11 Nov 2021 00:22:05 +0000 (00:22 +0000)] 
Pull request #3161: dnp3: update builtin rule description

Merge in SNORT/snort3 from ~SBAIGAL/snort3:dnp3_text to master

Squashed commit of the following:

commit 4b6692d19bbdcf905073b2103b6c060a5e0a773b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Wed Nov 10 13:26:06 2021 -0500

    dnp3: update builtin rule description

Tom Peters (thopeter) [Wed, 10 Nov 2021 21:26:33 +0000 (21:26 +0000)] 
Pull request #3148: doc: update builtin alerts description for portscan

Merge in SNORT/snort3 from ~SBAIGAL/snort3:doc_ps to master

Squashed commit of the following:

commit f50e6d859449137debf8152c986516a1d8b1aa4d
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Nov 5 15:50:02 2021 -0400

    doc: update builtin alerts description for portscan

Tom Peters (thopeter) [Wed, 10 Nov 2021 21:09:06 +0000 (21:09 +0000)] 
Pull request #3150: doc: update builtin rule documentation for http_inspect

Merge in SNORT/snort3 from ~KATHARVE/snort3:builtin_doc to master

Squashed commit of the following:

commit 834350f442dda769a1a9bfab87945624f1b3b0a2
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Nov 5 11:17:07 2021 -0400

    doc: update builtin rule documentation for http_inspect

Tom Peters (thopeter) [Wed, 10 Nov 2021 20:50:53 +0000 (20:50 +0000)] 
Pull request #3157: US 708162: Timebox: Built-in rule documentation - back orifice

Merge in SNORT/snort3 from ~MDAGON/snort3:bo_doc to master

Squashed commit of the following:

commit 3fb00bd44ee93c4bf67a99d7a01e82ae00687432
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 8 17:01:17 2021 -0500

    doc: back orifice builtin rules

Tom Peters (thopeter) [Wed, 10 Nov 2021 19:11:10 +0000 (19:11 +0000)] 
Pull request #3139: BUG #705517 Http2HeadersFrame::clear is looking at server side stream state for push promise

Merge in SNORT/snort3 from ~MDAGON/snort3:push_promise2 to master

Squashed commit of the following:

commit f57c8f53f1fdfef5a73320471b8ef4369fba6f70
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Oct 25 14:52:44 2021 -0400

    http2_inspect: push promise error state check

Tom Peters (thopeter) [Wed, 10 Nov 2021 17:59:11 +0000 (17:59 +0000)] 
Pull request #3127: BUG #704687: Hitting assert while processing partial trailer truncated immediately after the frame header

Merge in SNORT/snort3 from ~MDAGON/snort3:trailer to master

Squashed commit of the following:

commit b5b4daddd2f0f0fcc5b7841aa27fca2b49a94aa1
Author: Maya Dagon <mdagon@cisco.com>
Date:   Wed Oct 20 16:46:41 2021 -0400

    http2_inspect: truncated trailers without frame data

Tom Peters (thopeter) [Wed, 10 Nov 2021 17:21:38 +0000 (17:21 +0000)] 
Pull request #3155: doc: update builtin alerts description for dnp3

Merge in SNORT/snort3 from ~SBAIGAL/snort3:doc_dnp3 to master

Squashed commit of the following:

commit 961b0103065d94673d7c4ca38461996c51c6daa4
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Mon Nov 8 17:20:24 2021 -0500

    doc: update builtin alerts description for dnp3

Mike Stepanek (mstepane) [Wed, 10 Nov 2021 15:03:43 +0000 (15:03 +0000)] 
Pull request #3152: Dynamic buffer for trace internal data.

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:trace_buffer to master

Squashed commit of the following:

commit 4d5bebcb0fa5835d931bca3ec994f2c71029b20b
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Nov 5 22:20:04 2021 +0200

    main: use dynamic buffer on demand in trace print functions

Pranav Bhalerao (prbhaler) [Wed, 10 Nov 2021 02:41:50 +0000 (02:41 +0000)] 
Pull request #3156: doc: updated builtin rules documentation for ssh.

Merge in SNORT/snort3 from ~PRBHALER/snort3:ssh_doc to master

Squashed commit of the following:

commit 988ed22936d24059f72d801c6a7dd026fa339eb4
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Tue Nov 9 13:47:50 2021 +0530

    doc: updated builtin rules documentation for ssh.

Tom Peters (thopeter) [Tue, 9 Nov 2021 22:37:45 +0000 (22:37 +0000)] 
Pull request #3158: doc: update builtin alerts description for modbus, HTTP/2

Merge in SNORT/snort3 from ~MDAGON/snort3:http2_modbus_doc to master

Squashed commit of the following:

commit ba26a40fba66819c257ea4e8ed318ef0b9d320e4
Author: Maya Dagon <mdagon@cisco.com>
Date:   Wed Nov 3 15:34:48 2021 -0400

    doc: update builtin alerts description for modbus, HTTP/2

Tom Peters (thopeter) [Tue, 9 Nov 2021 22:35:48 +0000 (22:35 +0000)] 
Pull request #3154: US 708162: Timebox: Built-in rule documentation - arp_spoof

Merge in SNORT/snort3 from ~MDAGON/snort3:arp_builtins to master

Squashed commit of the following:

commit d30a49cf87f55af799a2bf8a0bf6003cf0df38e0
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Nov 8 14:19:07 2021 -0500

    doc: arp_spoof builtins

Lokesh Bevinamarad (lbevinam) [Tue, 9 Nov 2021 09:38:27 +0000 (09:38 +0000)] 
Pull request #3153: doc: spell correction

Merge in SNORT/snort3 from ~SMULKA/snort3:doc to master

Squashed commit of the following:

commit c4053513cbeeb4d122cee27f54b11a5b948f14a2
Author: smulka <smulka@cisco.com>
Date:   Mon Nov 8 13:47:47 2021 -0500

    doc: spell correction

Lokesh Bevinamarad (lbevinam) [Mon, 8 Nov 2021 06:42:16 +0000 (06:42 +0000)] 
Pull request #3137: doc: update builtin rules documentation for dce_smb, dce_tcp, dce_udp, rpc_decode

Merge in SNORT/snort3 from ~SMULKA/snort3:doc to master

Squashed commit of the following:

commit 641343a5a13fb2ea4df60bbfe1d09c36bcb7509d
Author: smulka <smulka@cisco.com>
Date:   Sun Oct 24 16:48:03 2021 -0400

    doc: update builtin rules documentation for dce_smb, dce_tcp, dce_udp, rpc_decode

Steve Chew (stechew) [Fri, 5 Nov 2021 21:47:40 +0000 (21:47 +0000)] 
Pull request #3149: u2spewfoo: Fixed incorrect usage line.

Merge in SNORT/snort3 from ~STECHEW/snort3:u2spewfoo_usage to master

Squashed commit of the following:

commit a8e194062b59b69749f1a9d38fd60fd8a3a52bf2
Author: Steve Chew <stechew@cisco.com>
Date:   Fri Nov 5 16:11:14 2021 -0400

    u2spewfoo: Fixed incorrect usage line.

Tom Peters (thopeter) [Fri, 5 Nov 2021 19:38:52 +0000 (19:38 +0000)] 
Pull request #3138: Hpack refactor2

Merge in SNORT/snort3 from ~KATHARVE/snort3:hpack-refactor2 to master

Squashed commit of the following:

commit 3649ca44dbce29d22cbd296556816658d4f00b25
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Oct 28 16:59:41 2021 -0400

    http2_inspect: http1_header buffer always created immediately after decode_headers

Shravan Rangarajuvenkata (shrarang) [Fri, 5 Nov 2021 18:29:18 +0000 (18:29 +0000)] 
Pull request #3147: appid: restore the log of reload detectors complete message

Merge in SNORT/snort3 from ~SBAIGAL/snort3:reload_log_patch to master

Squashed commit of the following:

commit ef7e572e265cff4af2a4375c5d469ea6016c455b
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Nov 5 10:34:49 2021 -0400

    appid: restore the log of reload detectors complete message

Tom Peters (thopeter) [Thu, 4 Nov 2021 16:40:25 +0000 (16:40 +0000)] 
Pull request #3145: http2_inspect: hardening

Merge in SNORT/snort3 from ~THOPETER/snort3:h2i20 to master

Squashed commit of the following:

commit a271d65b5f0146e0101b6aac999ae890dcc29235
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Oct 19 18:44:34 2021 -0400

    http2_inspect: hardening

Russ Combs (rucombs) [Wed, 3 Nov 2021 16:37:59 +0000 (16:37 +0000)] 
Pull request #3141: detection: add allow_missing_so_rules

Merge in SNORT/snort3 from ~RUCOMBS/snort3:allow_missing_so_rules to master

Squashed commit of the following:

commit 2ad1178e988cef483957cc27644ec6e7f70a1253
Author: russ <rucombs@cisco.com>
Date:   Wed Nov 3 10:14:11 2021 -0400

    build: remove HAVE_HYPERSCAN conditional from installed header

    Installed headers can't have conditional struct members since plugins
    don't have config.h. In this case the hyperscan-related variables are
    now always present.

commit 4d5aa95485dfd13ebad9cec518b92dfedf0b89dd
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 28 09:39:33 2021 -0400

    detection: add allow_missing_so_rules

    By default, missing SO rules cause an error. Set this to true to report
    warnings instead. This is helpful when your rule package is out of date.
    This should not be enabled in a production environment.

tag: 3.1.16.0
Mike Stepanek (mstepane) [Wed, 3 Nov 2021 13:54:40 +0000 (13:54 +0000)] 
Pull request #3143: build: generate and tag 3.1.16.0

Merge in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.16.0 to master

Squashed commit of the following:

commit bd3e6adee22d5c51855b2964f8b039217cd92efe
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Wed Nov 3 07:36:43 2021 -0400

    build: generate and tag 3.1.16.0

Steve Chew (stechew) [Wed, 3 Nov 2021 12:51:59 +0000 (12:51 +0000)] 
Pull request #3115: doc: updated remaining builtin rules documentation

Merge in SNORT/snort3 from ~ALLEWI/snort3:doc_builtin_updates_2 to master

Squashed commit of the following:

commit c5c86e773cb9f6cb9f33aeb31f8475c7d3e51963
Author: alewis (allewi) <allewi@cisco.com>
Date:   Mon Oct 18 21:49:19 2021 -0400

    doc: updated remaining builtin rules documentation

Mike Stepanek (mstepane) [Tue, 2 Nov 2021 19:41:32 +0000 (19:41 +0000)] 
Pull request #3129: Handling of PDUs disorder for inline/external JavaScript normalization

Merge in SNORT/snort3 from ~SVLASIUK/snort3:js_pdu_disorder to master

Squashed commit of the following:

commit 529713b1874e9c23516290dae9b3ed80a80276c9
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Fri Oct 22 17:06:50 2021 +0300

    http_inspect: handle PDUs disorder for inline/external JavaScript normalization

Tom Peters (thopeter) [Tue, 2 Nov 2021 17:21:33 +0000 (17:21 +0000)] 
Pull request #3130: ssl: disable inspection on alert only at fatal level

Merge in SNORT/snort3 from ~SBAIGAL/snort3:ssl_alert_fix to master

Squashed commit of the following:

commit fc567298456a798da12318c18c78c35f69cf868e
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Mon Oct 25 09:44:11 2021 -0400

    ssl: disable inspection on alert only at fatal level

    remove SO_PUBLIC from SSL_decode, since it is only called from inside snort

Mike Stepanek (mstepane) [Tue, 2 Nov 2021 14:12:46 +0000 (14:12 +0000)] 
Pull request #3128: JS Normalization: single pass processing

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:spp to master

Squashed commit of the following:

commit f09974f5dca6d48223f441e61ccd1b7676fd64e2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 22 15:55:56 2021 +0300

    utils: correct Normalizer's output upon the next scan

    The output stream buffer was updated with a special-case code to speed up
    getting the output size.

commit 0f66f7491fcd07c44934a4a473d26354dd39a859
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 18 16:23:35 2021 +0300

    http_inspect: eliminate cumulative js data processing

    Input data is fed by portions (script_detection, chunked HTTP) to JSNormalizer.
    Output data is accumulated in output stream buffer, which resides in
    JSNormalizer context. Accumulated output data is deleted at the end of PDU.

commit 7fe0cc81badb99a2a732c74cddc1aa042e40cbd2
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 15 16:50:09 2021 +0300

    utils: add get methods to peek in internal buffer

Tom Peters (thopeter) [Fri, 29 Oct 2021 19:33:28 +0000 (19:33 +0000)] 
Merge pull request #3135 in SNORT/snort3 from ~KATHARVE/snort3:hpack-refactor to master

Squashed commit of the following:

commit c6891e039474b8ce2b2c0f318fe2dd053bac550b
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Oct 27 10:41:52 2021 -0400

    http2_inspect: refactor decoded_headers_buffer for hpack decoding

Tom Peters (thopeter) [Fri, 29 Oct 2021 18:25:31 +0000 (18:25 +0000)] 
Merge pull request #3133 in SNORT/snort3 from ~KATHARVE/snort3:http_zip_decomp to master

Squashed commit of the following:

commit eb7b2596fc637c46f2bcda85c222818cf47bed44
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Oct 22 11:03:25 2021 -0400

    http_inspect: file decompression improvements

Mike Stepanek (mstepane) [Fri, 29 Oct 2021 17:42:37 +0000 (17:42 +0000)] 
Merge pull request #3140 in SNORT/snort3 from ~VHORBATO/snort3:fix_wempty-body_master to master

Squashed commit of the following:

commit 94e9caa22eb12303af0ee3de95370a43eeecea4b
Author: Vitalii <vhorbato@cisco.com>
Date:   Fri Oct 29 16:51:49 2021 +0300

    flow: fix warning in flow_cache.cc

Mike Stepanek (mstepane) [Thu, 28 Oct 2021 23:26:22 +0000 (23:26 +0000)] 
Merge pull request #3134 in SNORT/snort3 from ~VHORBATO/snort3:uni_list_fix to master

Squashed commit of the following:

commit 207aca5fe21b8c09ce9d0f5c0dfca3b571356e69
Author: Vitalii <vhorbato@cisco.com>
Date:   Tue Oct 26 09:37:55 2021 +0300

    flow: use the same pkt_type to link and unlink unidirectional flows

    Use Flow::key::pkt_type instead of Flow::pkt_type, which is set later and
    might not be available at link_uni time.

    Traces enabled for the 'stream' module.

Shanmugam S (shanms) [Thu, 28 Oct 2021 11:03:00 +0000 (11:03 +0000)] 
Merge pull request #3132 in SNORT/snort3 from ~SHANMS/snort3:snort_docs to master

Squashed commit of the following:

commit ad05b63adb63cba7d4451ebb8dd85268d854579d
Author: shanms <shanms@cisco.com>
Date:   Wed Oct 27 07:28:01 2021 +0000

    doc: updated builtin rules documentation for gtp module

Pranav Bhalerao (prbhaler) [Thu, 28 Oct 2021 10:41:14 +0000 (10:41 +0000)] 
Merge pull request #3136 in SNORT/snort3 from ~PRBHALER/snort3:sip to master

Squashed commit of the following:

commit 6bd401c5853e4fbab89657ebd585b3eae74806de
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Wed Oct 27 17:26:38 2021 +0530

    sip: track memory for sip sessions.

Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 12:42:02 +0000 (12:42 +0000)] 
Merge pull request #3120 in SNORT/snort3 from ~GSAMBYAL/snort3:SIP_rules to master

Squashed commit of the following:

commit c98a183b9427e732a968cf7337f8ea5aec29d9ac
Author: garima sambyal <gsambyal@cisco.com>
Date:   Wed Oct 20 03:48:53 2021 -0400

    doc: SIP built-in rule documentation.

Steve Chew (stechew) [Wed, 27 Oct 2021 10:41:14 +0000 (10:41 +0000)] 
Merge pull request #3101 in SNORT/snort3 from ~RAMANKS/snort3:geneve to master

Squashed commit of the following:

commit 4d417498e15e097d5f1b7cdcfe8dca253784a5f5
Author: Raman Krishnan <ramanks@cisco.com>
Date:   Mon Oct 11 22:53:34 2021 -0700

    codec: geneve: injected packets should have geneve port in outer udp header

Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 10:11:38 +0000 (10:11 +0000)] 
Merge pull request #3123 in SNORT/snort3 from ~KDEWANGA/snort3:snort3_builtinrules to master

Squashed commit of the following:

commit e74ef4b2ed150f09990fd2d88d1746850a14b394
Author: kdewanga <kdewanga@cisco.com>
Date:   Thu Oct 21 06:20:10 2021 +0000

    doc: updated builtin rules documentation for dns module

Pranav Bhalerao (prbhaler) [Wed, 27 Oct 2021 06:56:08 +0000 (06:56 +0000)] 
Merge pull request #3119 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_doc to master

Squashed commit of the following:

commit 28f58c1f68a57cc589cc1a8dd24d7d5e5fd45968
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Wed Oct 20 03:20:52 2021 -0400

    doc: updated builtin rules documentation for ftp-telnet

Shravan Rangarajuvenkata (shrarang) [Wed, 27 Oct 2021 02:31:41 +0000 (02:31 +0000)] 
Merge pull request #3131 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_init_mem_optimization to master

Squashed commit of the following:

commit 3463c2fe5d7af7e5b54790e31164c5ec834be778
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Tue Oct 26 15:11:48 2021 -0400

    appid: during initialization, skip loading of Lua detectors that don't have validate function

Shravan Rangarajuvenkata (shrarang) [Tue, 26 Oct 2021 18:40:33 +0000 (18:40 +0000)] 
Merge pull request #3116 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_client_app_detect_types to master

Squashed commit of the following:

commit f3a0f5e68a64507125b1acce375ebaf7c708c063
Author: cljudge <cljudge@cisco.com>
Date:   Thu Oct 7 04:55:54 2021 -0400

    appid: provide API to give client_app_detection_type

Tom Peters (thopeter) [Tue, 26 Oct 2021 17:19:13 +0000 (17:19 +0000)] 
Merge pull request #3107 in SNORT/snort3 from ~SBAIGAL/snort3:reload_debug_logs to master

Squashed commit of the following:

commit a3b8308a9465c46127a77588774e81fcc6eb6357
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Fri Sep 24 16:11:09 2021 -0400

    reload: add logs to track reload process

    swapper: moved out reload progress flag to reload tracker

Russ Combs (rucombs) [Mon, 25 Oct 2021 22:48:35 +0000 (22:48 +0000)] 
Merge pull request #3122 in SNORT/snort3 from ~RUCOMBS/snort3:hyper_serial to master

Squashed commit of the following:

commit 9daf5f9c73643d751835d24790aab34c9382f338
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 14:19:08 2021 -0400

    detection: refactor mpse serialization

commit 5b0ab03288a64707313c5f3f4f1214df235556c1
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 10:19:58 2021 -0400

    detection: rename PortGroup to the more apt RuleGroup (and related)

    PortGroup is a legacy name that predates service. RuleGroups are a
    collection of rules based on port (port, src|dst|any, #) or service
    (service, c2s|s2c).

commit 47fa569f433c9c0ae034693c0caf76cfec65a89c
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 13 10:12:01 2021 -0400

    detection: replace PortGroup::alloc/free with ctor/dtor

commit 412073be22c8d8da0f7b532351bb377465186aad
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 11 15:33:47 2021 -0400

    search_engine: support port group serialization

commit 181e18b47f0a49a5a39dda02a44dc4f9702a3f97
Author: russ <rucombs@cisco.com>
Date:   Mon Oct 11 09:43:20 2021 -0400

    ips: correct fast pattern port group counts

commit edbeadd92064f02a0f7690f14805cb037ecbd980
Author: russ <rucombs@cisco.com>
Date:   Sun Oct 10 12:57:52 2021 -0400

    mpse: add md5 check to deserialization

commit 2dc6cde03deddcf2af26626fee5075e957d06fa9
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 7 10:24:09 2021 -0400

    hyperscan: sort patterns for dump / load stability

commit 8fcc0ac4b79fe51e8d2a76484dc05238069b331b
Author: russ <rucombs@cisco.com>
Date:   Thu Oct 7 07:53:37 2021 -0400

    search_engine: support hyperscan serialization

    Dump hyperscan databases for service rule groups to the given directory
    with --dump-rule-databases. They can be reloaded with
    search_engine.rule_db_dir. This does not serialize port group databases.

Mike Stepanek (mstepane) [Mon, 25 Oct 2021 16:11:11 +0000 (16:11 +0000)] 
Merge pull request #3079 in SNORT/snort3 from ~YVELYKOZ/snort3:glob_several_packets to master

Squashed commit of the following:

commit b768e09bc0b09ea3aac32b88eaf3b53c2e035e39
Author: Yehor Velykozhon <yvelykoz@cisco.com>
Date:   Mon Sep 13 20:34:15 2021 +0300

    wizard: update globbing and max_pattern

    In order to support globbing over several packets, a state variable was added that contains the middle state of the pattern.
    Max_pattern now applies per flow instead of per segment.
    Max_pattern was renamed to max_search_depth.
    Fixed bug with reentering wizard after tcp_hits.

4 years ago Merge pull request #3126 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_out_of_mem...
Shravan Rangarajuvenkata (shrarang) [Mon, 25 Oct 2021 15:05:31 +0000 (15:05 +0000)] 
Merge pull request #3126 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_out_of_mem to master

Squashed commit of the following:

commit 6ab78b0fdd275b475a568dc68e6ea4e03ef0383a
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Oct 22 16:08:04 2021 -0400

    appid: in packet threads, skip loading of detectors that don't have validate function on reload

4 years ago Merge pull request #3110 in SNORT/snort3 from ~KAMURTHI/snort3:built-in-rules to...
Shravan Rangarajuvenkata (shrarang) [Thu, 21 Oct 2021 20:11:35 +0000 (20:11 +0000)] 
Merge pull request #3110 in SNORT/snort3 from ~KAMURTHI/snort3:built-in-rules to master

Squashed commit of the following:

commit f5220aa24e5c0db8102197dadcb608016907165b
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Fri Oct 15 00:30:25 2021 -0400

    doc: update built-in rule doc for SMTP, IMAP and POP inspectors.

4 years ago Merge pull request #3121 in SNORT/snort3 from ~SMINUT/snort3:init_scale_fix to master
Russ Combs (rucombs) [Thu, 21 Oct 2021 16:12:09 +0000 (16:12 +0000)] 
Merge pull request #3121 in SNORT/snort3 from ~SMINUT/snort3:init_scale_fix to master

Squashed commit of the following:

commit 30e99be7b9374ba90e30313b69f1a8a141a0caf5
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Oct 20 12:03:50 2021 -0400

    stream_tcp: fix init_wscale() to take into account the DECODE_TCP_WS flag

    tcp: remove the probably obsolete __GNUC__ block from TcpOption::next()

    tcp: stop on the EOL option in TcpOptIteratorIter::operator++()

4 years ago Merge pull request #3124 in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.15.0 to... 3.1.15.0
Shravan Rangarajuvenkata (shrarang) [Thu, 21 Oct 2021 14:26:19 +0000 (14:26 +0000)] 
Merge pull request #3124 in SNORT/snort3 from ~SHRARANG/snort3:build_3.1.15.0 to master

Squashed commit of the following:

commit 25e2620f58e6bf75802d7dca3b8e0e65a95f3721
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Thu Oct 21 08:33:52 2021 -0400

    build: generate and tag 3.1.15.0

4 years ago Merge pull request #3097 in SNORT/snort3 from ~SVLASIUK/snort3:jit_integration to...
Mike Stepanek (mstepane) [Wed, 20 Oct 2021 11:29:02 +0000 (11:29 +0000)] 
Merge pull request #3097 in SNORT/snort3 from ~SVLASIUK/snort3:jit_integration to master

Squashed commit of the following:

commit bf4d7d74121f85dfc9cc576ac43943beca597941
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Mon Sep 27 19:08:05 2021 +0300

    http_inspect: implement JIT (just-in-time) for JavaScript normalization

    Remove 'experimental' from JavaScript normalization documentation
    Update js_normalization_depth=-1 as default value
    Remove previous JIC implementation for JavaScript normalization

4 years ago Merge pull request #3105 in SNORT/snort3 from ~THOPETER/snort3:nhttp160 to master
Tom Peters (thopeter) [Tue, 19 Oct 2021 20:05:15 +0000 (20:05 +0000)] 
Merge pull request #3105 in SNORT/snort3 from ~THOPETER/snort3:nhttp160 to master

Squashed commit of the following:

commit d2e095d8a54d8e358a6b0b8fb0c5f1f9c16afd31
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Oct 4 16:26:34 2021 -0400

    http_inspect: hardening

4 years ago Merge pull request #3108 in SNORT/snort3 from ~AMARNAYA/snort3:vba_trace_option to...
Pranav Bhalerao (prbhaler) [Tue, 19 Oct 2021 10:54:18 +0000 (10:54 +0000)] 
Merge pull request #3108 in SNORT/snort3 from ~AMARNAYA/snort3:vba_trace_option to master

Squashed commit of the following:

commit 677a94f271b0e1673c0dd4d2100ab05abe0af2a6
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Tue Oct 12 15:03:06 2021 +0000

    http_inspect, ips_option: decoupling the vba_data ips option from http_inspect and adding the trace debug option to vba_data

4 years ago Merge pull request #3109 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_change_efp_api_n...
Shravan Rangarajuvenkata (shrarang) [Mon, 18 Oct 2021 17:48:30 +0000 (17:48 +0000)] 
Merge pull request #3109 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_change_efp_api_name to master

Squashed commit of the following:

commit 688e16cf8b054340cea70ad844a2b59de72f1680
Author: cljudge <cljudge@cisco.com>
Date:   Wed Oct 13 22:50:23 2021 -0400

    appid: Update the name of the lua API function that adds process name to client app mappings.

4 years ago Merge pull request #3113 in SNORT/snort3 from ~SBAIGAL/snort3:policy_clone_fix to...
Russ Combs (rucombs) [Sun, 17 Oct 2021 22:09:17 +0000 (22:09 +0000)] 
Merge pull request #3113 in SNORT/snort3 from ~SBAIGAL/snort3:policy_clone_fix to master

Squashed commit of the following:

commit 4ef0ca4751a18219dcca764e81dcd3038d8b573a
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Sat Oct 16 10:08:05 2021 -0400

    policy: update policy clone code to avoid corrupting active configuration

4 years ago Merge pull request #3112 in SNORT/snort3 from ~ALLEWI/snort3:doc_builtin_updates...
Steve Chew (stechew) [Sat, 16 Oct 2021 17:35:45 +0000 (17:35 +0000)] 
Merge pull request #3112 in SNORT/snort3 from ~ALLEWI/snort3:doc_builtin_updates to master

Squashed commit of the following:

commit db9787bd712e4ab9f66e39fa6139dc48a2af3b4c
Author: alewis (allewi) <allewi@cisco.com>
Date:   Fri Oct 15 11:12:11 2021 -0400

    doc: builtin rule documentation updates

4 years ago Merge pull request #3111 in SNORT/snort3 from ~SMINUT/snort3:smbfp_crash to master
Masud Hasan (mashasan) [Fri, 15 Oct 2021 21:04:39 +0000 (21:04 +0000)] 
Merge pull request #3111 in SNORT/snort3 from ~SMINUT/snort3:smbfp_crash to master

Squashed commit of the following:

commit 01950a49d010b9a06472758de90e0390d7ec0ce2
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Oct 15 11:55:31 2021 -0400

    rna: call set_smb_fp_processor function in reload tuner

4 years ago Merge pull request #3095 in SNORT/snort3 from ~OSERHIIE/snort3:js_built_ins to master
Mike Stepanek (mstepane) [Wed, 13 Oct 2021 17:59:05 +0000 (17:59 +0000)] 
Merge pull request #3095 in SNORT/snort3 from ~OSERHIIE/snort3:js_built_ins to master

Squashed commit of the following:

commit d253c19d845340b83e7abac8085d07b38b5ebca4
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Sep 29 17:00:12 2021 +0300

    http_inspect: do not normalize JavaScript built-in identifiers

        * utils: update JSTokenizer to track the scope
        * utils: update JSTokenizer to track JavaScript built-in identifiers
        * utils: update JSIdentifierCtx to check for JavaScript built-in identifiers
        * utils: add unit tests for scope and identifiers tracking
        * utils: add benchmarks for scope and identifiers tracking
        * http_inspect: add js_norm_max_scope_depth config option to limit maximum depth of scope nesting
        * http_inspect: add js_norm_built_in_ident config option as a list of JavaScript built-in identifiers
        * http_inspect: update 119:271 rule to alert on both template and scope depth limit reached
        * http_inspect: update 119:265 rule to alert on the scope mismatch
        * http_inspect: update dev_notes.txt with info about JavaScript built-in identifiers and scope tracking
        * lua: update snort_defaults.lua with a default list of JavaScript built-in identifiers
        * doc: update user/http_inspect.txt with info about JavaScript built-in identifiers and scope tracking
        * doc: update reference/builtin_stubs.txt with updates in 119:271 rule description

4 years ago Merge pull request #3104 in SNORT/snort3 from ~MMATIRKO/snort3:doc_fix to master
Masud Hasan (mashasan) [Wed, 13 Oct 2021 14:35:32 +0000 (14:35 +0000)] 
Merge pull request #3104 in SNORT/snort3 from ~MMATIRKO/snort3:doc_fix to master

Squashed commit of the following:

commit feeb3bf6c787582beee1fd671d65e7e069000e0f
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Oct 12 11:51:10 2021 -0400

    doc: add punctuation to builtin stubs, fix formatting

4 years ago Merge pull request #3100 in SNORT/snort3 from ~SMINUT/snort3:hosts_lua to master
Masud Hasan (mashasan) [Wed, 13 Oct 2021 14:33:19 +0000 (14:33 +0000)] 
Merge pull request #3100 in SNORT/snort3 from ~SMINUT/snort3:hosts_lua to master

Squashed commit of the following:

commit 1a4a55d21c0f95ac0e128c5654490719acdfdef2
Author: Silviu Minut <sminut@cisco.com>
Date:   Mon Oct 11 18:21:09 2021 -0400

    rna: do not do service discovery for future flows

4 years ago Merge pull request #3099 in SNORT/snort3 from ~MDAGON/snort3:try_fix to master
Tom Peters (thopeter) [Tue, 12 Oct 2021 20:28:36 +0000 (20:28 +0000)] 
Merge pull request #3099 in SNORT/snort3 from ~MDAGON/snort3:try_fix to master

Squashed commit of the following:

commit 31bfb668b854b15698e54fe4b2ea3ec68388d484
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Oct 8 16:50:36 2021 -0400

    http2_inspect: partial header with priority flag set

4 years ago Merge pull request #3089 in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_asi to master
Mike Stepanek (mstepane) [Mon, 11 Oct 2021 10:54:31 +0000 (10:54 +0000)] 
Merge pull request #3089 in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_asi to master

Squashed commit of the following:

commit feeedee58a22544fb4788a2646af52c65f1dc8cf
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Mon Sep 20 14:48:53 2021 +0300

    http_inspect: add automatic semicolon insertion

4 years ago Merge pull request #3022 in SNORT/snort3 from ~AMARNAYA/snort3:feature_vba_macrodata...
Pranav Bhalerao (prbhaler) [Mon, 11 Oct 2021 08:59:24 +0000 (08:59 +0000)] 
Merge pull request #3022 in SNORT/snort3 from ~AMARNAYA/snort3:feature_vba_macrodata to master

Squashed commit of the following:

commit a6e4992d0bf97781fdefc90fe89571c4210f574c
Author: Steve Chew (stechew) <stechew@cisco.com>
Date:   Mon Jul 19 21:49:09 2021 +0000

    decompress, http_inspect: Add support for processing ole files and for vba_data ips option

4 years ago Merge pull request #3092 in SNORT/snort3 from ~SHRARANG/snort3:appid_user_agent_confl...
Shravan Rangarajuvenkata (shrarang) [Fri, 8 Oct 2021 15:15:25 +0000 (15:15 +0000)] 
Merge pull request #3092 in SNORT/snort3 from ~SHRARANG/snort3:appid_user_agent_conflict to master

Squashed commit of the following:

commit 20f74e289a32707dfe605235ed6fa72c2f0c6c0f
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Oct 6 09:20:42 2021 -0400

    appid: detect client based on longest matching user agent pattern

4 years ago Merge pull request #3093 in SNORT/snort3 from ~ROOBS/snort3:code_coverage_7.2 to...
Lokesh Bevinamarad (lbevinam) [Fri, 8 Oct 2021 14:28:20 +0000 (14:28 +0000)] 
Merge pull request #3093 in SNORT/snort3 from ~ROOBS/snort3:code_coverage_7.2 to master

Squashed commit of the following:

commit a3f139f7cd01c754af79cf24015bdbff3439e114
Author: roopa <roobs@cisco.com>
Date:   Thu Oct 7 02:31:00 2021 -0400

    build: fix in CodeCoverage.cmake to generate *.gcda *.o files as needed by gcov

4 years ago Merge pull request #3080 in SNORT/snort3 from ~THOPETER/snort3:nhi_alert_doc to master
Tom Peters (thopeter) [Thu, 7 Oct 2021 16:04:38 +0000 (16:04 +0000)] 
Merge pull request #3080 in SNORT/snort3 from ~THOPETER/snort3:nhi_alert_doc to master

Squashed commit of the following:

commit 8791eab62e93eea548e7edeb7640de03a5298385
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Sep 28 17:34:14 2021 -0400

    http_inspect: document built-in alerts

4 years ago Merge pull request #3085 in SNORT/snort3 from ~SMINUT/snort3:tcp_opt_iter to master
Masud Hasan (mashasan) [Thu, 7 Oct 2021 15:58:25 +0000 (15:58 +0000)] 
Merge pull request #3085 in SNORT/snort3 from ~SMINUT/snort3:tcp_opt_iter to master

Squashed commit of the following:

commit 218596bc8e12000e2757d7fd66f5feeeb3c7643e
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Oct 1 15:24:07 2021 -0400

    protocols: prevent infinite loop over tcp options

4 years ago Merge pull request #3088 in SNORT/snort3 from ~BSACHDEV/snort3:stress_smb2 to master
Bhargava Jandhyala (bjandhya) [Thu, 7 Oct 2021 14:25:22 +0000 (14:25 +0000)] 
Merge pull request #3088 in SNORT/snort3 from ~BSACHDEV/snort3:stress_smb2 to master

Squashed commit of the following:

commit 4de99c141ba599b04b6bb43fbb6af18b63ae836a
Author: Bhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Date:   Mon Oct 4 14:05:53 2021 +0000

    dce_smb: Optimised handling pruning of flows in stress environment

4 years ago Merge pull request #3094 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.14.0 to... 3.1.14.0
Mike Stepanek (mstepane) [Thu, 7 Oct 2021 12:57:33 +0000 (12:57 +0000)] 
Merge pull request #3094 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.14.0 to master

Squashed commit of the following:

commit f1c4c6e1a28ce61f4a14570228bc6778a6734a45
Author: Mike Stepanek <mstepane@cisco.com>
Date:   Thu Oct 7 06:41:30 2021 -0400

    build: generate and tag 3.1.14.0

4 years ago Merge pull request #3084 in SNORT/snort3 from ~SATHIRKA/snort3:rpc_assert_failure...
Shravan Rangarajuvenkata (shrarang) [Wed, 6 Oct 2021 14:06:54 +0000 (14:06 +0000)] 
Merge pull request #3084 in SNORT/snort3 from ~SATHIRKA/snort3:rpc_assert_failure to master

Squashed commit of the following:

commit d4a4f383859d75e912fdd65f6d5faf2cd2ecd1b3
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Sep 29 16:28:36 2021 -0400

    appid: Enhance RPC service detector to handle RPC Bind version 3

4 years ago Merge pull request #3091 in SNORT/snort3 from ~SHRARANG/snort3:appid_catch to master
Shravan Rangarajuvenkata (shrarang) [Wed, 6 Oct 2021 13:22:36 +0000 (13:22 +0000)] 
Merge pull request #3091 in SNORT/snort3 from ~SHRARANG/snort3:appid_catch to master

Squashed commit of the following:

commit ec230de1016fe57e421ea2899ccdd2a874ddca65
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Oct 6 07:18:46 2021 -0400

    appid: fix update_allocations signature in unit test

4 years ago Merge pull request #3082 in SNORT/snort3 from ~MMATIRKO/snort3:builtins-and-whitespac...
Masud Hasan (mashasan) [Wed, 6 Oct 2021 12:51:23 +0000 (12:51 +0000)] 
Merge pull request #3082 in SNORT/snort3 from ~MMATIRKO/snort3:builtins-and-whitespace to master

Squashed commit of the following:

commit 9bcc9030b36dd2a4eaf3851e9a7a01249605e34b
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Sep 27 17:44:09 2021 -0400

    doc: update builtin stub rule reference strings

commit 9ccee4fc53a5b93ed96fc38295e4eb87a7afafe1
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Sep 27 17:39:41 2021 -0400

    style: remove leading and trailing whitespace

4 years ago Merge pull request #3076 in SNORT/snort3 from ~BRASTULT/snort3:decompress_depth to...
Russ Combs (rucombs) [Wed, 6 Oct 2021 12:33:25 +0000 (12:33 +0000)] 
Merge pull request #3076 in SNORT/snort3 from ~BRASTULT/snort3:decompress_depth to master

Squashed commit of the following:

commit d056c241b14ced1f3357bd7c35f9ae2aea69ec85
Author: Brandon Stultz <brastult@cisco.com>
Date:   Mon Sep 20 18:02:37 2021 -0400

    lua: fix Talos tweak snaplen

commit 3f4aa706fea3ea693f3a9b008d5e548a169519c7
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Sep 17 14:02:13 2021 -0400

    file_api: add decompress_buffer_size

4 years ago Merge pull request #3077 in SNORT/snort3 from ~ROOBS/snort3:packet_tracer_config...
Lokesh Bevinamarad (lbevinam) [Tue, 5 Oct 2021 06:12:33 +0000 (06:12 +0000)] 
Merge pull request #3077 in SNORT/snort3 from ~ROOBS/snort3:packet_tracer_config to master

Squashed commit of the following:

commit 0a1add665730f5f1f5fcfb35e76fc20d539d1bc7
Author: roopa <roobs@cisco.com>
Date:   Thu Sep 23 08:47:46 2021 -0400

    file: Added file policy id and other config data as part of packet tracer command under File phase.

4 years ago Merge pull request #3087 in SNORT/snort3 from ~MDAGON/snort3:hardening to master
Tom Peters (thopeter) [Mon, 4 Oct 2021 20:24:21 +0000 (20:24 +0000)] 
Merge pull request #3087 in SNORT/snort3 from ~MDAGON/snort3:hardening to master

Squashed commit of the following:

commit 8dcfe0f20d08e185096f138a043ddf0b15b1468d
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Oct 1 15:09:58 2021 -0400

    http2_inspect: compare scanned bytes to total received during reassemble

4 years ago Merge pull request #3086 in SNORT/snort3 from ~VHORBATO/snort3:ident_test_clang_fix...
Mike Stepanek (mstepane) [Mon, 4 Oct 2021 10:30:14 +0000 (10:30 +0000)] 
Merge pull request #3086 in SNORT/snort3 from ~VHORBATO/snort3:ident_test_clang_fix to master

Squashed commit of the following:

commit fb97da11d3f0587d11edf7b62570f1d3b049ac0d
Author: vhorbato <vhorbato@cisco.com>
Date:   Mon Oct 4 13:29:26 2021 +0300

    utils: fix compilation error of js_identifier_ctx_test for clang

4 years ago Merge pull request #3081 in SNORT/snort3 from ~VHORBATO/snort3:rename_norm_ident...
Mike Stepanek (mstepane) [Fri, 1 Oct 2021 16:57:06 +0000 (16:57 +0000)] 
Merge pull request #3081 in SNORT/snort3 from ~VHORBATO/snort3:rename_norm_ident to master

Squashed commit of the following:

commit 613865899894440d15e9cb49ba6a76b1cb790688
Author: Vitalii <vhorbato@cisco.com>
Date:   Mon Sep 27 09:49:16 2021 +0300

    http_inspect: change format of normalized JS identifiers

    utils: adjust output streambuffer expanding strategy and reserved memory

4 years ago Merge pull request #3078 in SNORT/snort3 from ~MDAGON/snort3:abort to master
Tom Peters (thopeter) [Thu, 30 Sep 2021 20:12:58 +0000 (20:12 +0000)] 
Merge pull request #3078 in SNORT/snort3 from ~MDAGON/snort3:abort to master

Squashed commit of the following:

commit 5feb849b9a5669339c082f9ab0197c7453163fb8
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Sep 24 13:59:54 2021 -0400

    http2_inspect: protect against reassemble with more than MAX_OCTETS

4 years ago Merge pull request #3046 in SNORT/snort3 from ~SMULKA/snort3:fw_si to master
Bhargava Jandhyala (bjandhya) [Thu, 30 Sep 2021 14:38:55 +0000 (14:38 +0000)] 
Merge pull request #3046 in SNORT/snort3 from ~SMULKA/snort3:fw_si to master

Squashed commit of the following:

commit 643cfe8c00aef8724a2ef12c7f9c8de751fe366b
Author: smulka <smulka@cisco.com>
Date:   Tue Aug 31 23:18:02 2021 -0400

    appid: log appid daq trace first followed by subscriber modules

4 years ago Merge pull request #3068 in SNORT/snort3 from ~ARMANDAV/snort3:rna_tls_fingerprinting...
Masud Hasan (mashasan) [Wed, 29 Sep 2021 19:39:43 +0000 (19:39 +0000)] 
Merge pull request #3068 in SNORT/snort3 from ~ARMANDAV/snort3:rna_tls_fingerprinting to master

Squashed commit of the following:

commit 064f3c63f264e14a74acf46a89dbfa7fd8cc5da2
Author: armandav <armandav@cisco.com>
Date:   Mon Sep 20 06:42:33 2021 -0400

    rna: Support CPE new os RNA event

4 years ago Merge pull request #3075 in SNORT/snort3 from ~OSHUMEIK/snort3:streambuf to master
Mike Stepanek (mstepane) [Wed, 29 Sep 2021 14:09:32 +0000 (14:09 +0000)] 
Merge pull request #3075 in SNORT/snort3 from ~OSHUMEIK/snort3:streambuf to master

Squashed commit of the following:

commit 27e4c24b75d3b134656501765fad26a35c125fac
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Sep 17 13:10:27 2021 +0300

    utils: add custom i/o stream buffers to JS normalizer

    The input stream buffer is a buffer over separated regions,
    which presents a continuous sequence to the caller.

    The output stream buffer is like std::stringstream.
    It has an ability to dynamically extend the buffer
    and to give away ownership over its memory to someone else.

    Some trace messages were removed
    (intermediate results are encapsulated in the streambuf object now).

    Temporal buffer (for script detection mechanism) is prepended immediately
    to the output as soon as the normalizer context is created.

4 years ago Merge pull request #3070 in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_alerts to master
Mike Stepanek (mstepane) [Tue, 28 Sep 2021 11:43:19 +0000 (11:43 +0000)] 
Merge pull request #3070 in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_alerts to master

Squashed commit of the following:

commit 672f4c70d2d70481d2a038a752dfdc5a8973db49
Author: dkyrylov <dkyrylov@cisco.com>
Date:   Wed Sep 22 13:45:48 2021 +0300

    doc: Add descriptions for 119:265-271 builtin alerts

4 years ago Merge pull request #3066 in SNORT/snort3 from ~ABHPAL/snort3:efd to master
Shanmugam S (shanms) [Mon, 27 Sep 2021 09:50:46 +0000 (09:50 +0000)] 
Merge pull request #3066 in SNORT/snort3 from ~ABHPAL/snort3:efd to master

Squashed commit of the following:

commit a7546af7ffbfe398895275113b8647ebc1f8ca4d
Author: abhpal <abhpal@cisco.com>
Date:   Tue Sep 21 14:45:08 2021 +0530

    latency: adding configuration for implicit enable

commit 56dd75b7fc2ea8b87a58fbd7745ffbf35a977c04
Author: abhpal <abhpal@cisco.com>
Date:   Tue Sep 21 14:43:41 2021 +0530

    snort_config: adding api for enabling latency module

commit cd88ec50a401f9badd105ed22fe62739c44496de
Author: abhpal <abhpal@cisco.com>
Date:   Thu Sep 16 20:09:57 2021 +0530

    flow: add total flow latency to flowstats

4 years ago Merge pull request #3074 in SNORT/snort3 from ~VHORBATO/snort3:script_data_renaming...
Mike Stepanek (mstepane) [Fri, 24 Sep 2021 10:42:11 +0000 (10:42 +0000)] 
Merge pull request #3074 in SNORT/snort3 from ~VHORBATO/snort3:script_data_renaming to master

Squashed commit of the following:

commit b0d5e3b51f77e38937e040229cd92487c76499ad
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Sep 22 14:12:42 2021 +0300

    ips_options: rename script_data buffer to js_data

4 years ago Merge pull request #3042 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_mercury_process_...
Shravan Rangarajuvenkata (shrarang) [Thu, 23 Sep 2021 09:08:40 +0000 (09:08 +0000)] 
Merge pull request #3042 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_mercury_process_clientapp_mapping to master

Squashed commit of the following:

commit e0711099931cf59733dbfe1a95c2e2b927df5acb
Author: cljudge <cljudge@cisco.com>
Date:   Thu Jun 17 10:15:02 2021 -0400

    appid: provide api for Lua detectors to map process name to client app

4 years ago Merge pull request #3071 in SNORT/snort3 from ~STECHEW/snort3:build_3.1.13.0 to master 3.1.13.0
Steve Chew (stechew) [Wed, 22 Sep 2021 18:19:00 +0000 (18:19 +0000)] 
Merge pull request #3071 in SNORT/snort3 from ~STECHEW/snort3:build_3.1.13.0 to master

Squashed commit of the following:

commit 074c6b13a6ce3dc156013a217a934ef402e95b0a
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Sep 22 08:57:19 2021 -0400

    build: generate and tag 3.1.13.0

4 years ago Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master
Tom Peters (thopeter) [Tue, 21 Sep 2021 21:21:16 +0000 (21:21 +0000)] 
Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master

Squashed commit of the following:

commit 27e9bef80fed555db0a0736076704064a875c4e8
Author: Maya Dagon <mdagon@cisco.com>
Date:   Tue Sep 14 15:50:23 2021 -0400

    flow: don't do memcap pruning if pruning is in progress

4 years ago Merge pull request #3062 in SNORT/snort3 from ~KAMURTHI/snort3:sun_rpc_continue to...
Shravan Rangarajuvenkata (shrarang) [Tue, 21 Sep 2021 19:41:18 +0000 (19:41 +0000)] 
Merge pull request #3062 in SNORT/snort3 from ~KAMURTHI/snort3:sun_rpc_continue to master

Squashed commit of the following:

commit 25faeb22b81be46802883270ade9806e2070a374
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Fri Sep 10 21:58:58 2021 -0400

    appid: stay in success state after RPC is detected.

4 years ago Merge pull request #3069 in SNORT/snort3 from ~MASHASAN/snort3:hc_unused to master
Masud Hasan (mashasan) [Tue, 21 Sep 2021 17:06:27 +0000 (17:06 +0000)] 
Merge pull request #3069 in SNORT/snort3 from ~MASHASAN/snort3:hc_unused to master

Squashed commit of the following:

commit d534f009caa0c3499c835bfd1b93f15b9f077697
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 21 10:26:29 2021 -0400

    host_tracker: Removing unused methods

4 years ago Merge pull request #3063 in SNORT/snort3 from ~RUCOMBS/snort3:builtin_updates to...
Russ Combs (rucombs) [Tue, 21 Sep 2021 13:38:42 +0000 (13:38 +0000)] 
Merge pull request #3063 in SNORT/snort3 from ~RUCOMBS/snort3:builtin_updates to master

Squashed commit of the following:

commit 508f5f6fbdfa23164de04e2bb8d3a1b1891fff5f
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 10:45:23 2021 -0400

    doc: update reference for 2:1 and 129:13

commit b8faac492d0600066d96313ab7dc3d311f47c376
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 09:58:56 2021 -0400

    doc: add support for details on builtin rules in the reference

commit bb770ef86631a810a1daf4881a6b076915d04486
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 06:24:36 2021 -0400

    output: adopt the orphaned tag alert (2:1)

commit a513ffe9a47e639314c1e57745ad75f415e6abd1
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 10 13:48:22 2021 -0400

    builtins: add --dump-builtin-options

    The unused, hard-coded rev and priority are removed from the dumped
    stubs. This new option provides a way to append arbitrary metadata to
    the stub. If used, it must precede --dump-builtin-rules.

commit 96524d4fe55040df783a5119a433bae176de6d46
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 10 11:03:33 2021 -0400

    cip, iec104: update stub rule messages for consistent format

4 years ago Merge pull request #3067 in SNORT/snort3 from ~DERAMADA/snort3:netflow_unique_templat...
Steve Chew (stechew) [Mon, 20 Sep 2021 20:30:30 +0000 (20:30 +0000)] 
Merge pull request #3067 in SNORT/snort3 from ~DERAMADA/snort3:netflow_unique_templates to master

Squashed commit of the following:

commit d936e929feacc641f05d7da7965a460c75a55e58
Author: Deepak Ramadass <deramada@cisco.com>
Date:   Fri Sep 17 10:45:56 2021 -0400

    fix cppcheck

commit 2d612e6f89852f66e6ccdfba40c79105364f2b41
Author: Deepak Ramadass <deramada@cisco.com>
Date:   Fri Sep 17 10:02:41 2021 -0400

    netflow: use device ip and template id to ensure that the template cache keys are unique

4 years ago Merge pull request #3061 in SNORT/snort3 from ~MASHASAN/snort3:rna_aep to master
Masud Hasan (mashasan) [Mon, 20 Sep 2021 19:32:53 +0000 (19:32 +0000)] 
Merge pull request #3061 in SNORT/snort3 from ~MASHASAN/snort3:rna_aep to master

Squashed commit of the following:

commit 5c077c59fdee7b25811399cb54227134cd1c61cd
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 22:15:39 2021 -0400

    host_cache: Avoid data race in cache size access

commit eedfb883372e33ff63ffc18b88a4ddca7a6fdefe
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 22:25:31 2021 -0400

    trough: Avoid data race in file count

commit f114c5c8711041adf50027f3f8982df1bf267126
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 16:16:22 2021 -0400

    rna: Avoid data races in vlan and mac address

commit 845a8c2c203eea39fea03ef2a437ffbebf9f41c8
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 12:48:37 2021 -0400

    rna: Avoid infinite loop in ICMPv6 options

4 years ago Merge pull request #3064 in SNORT/snort3 from ~SHRARANG/snort3:vdb_ci to master
Shravan Rangarajuvenkata (shrarang) [Fri, 17 Sep 2021 21:45:21 +0000 (21:45 +0000)] 
Merge pull request #3064 in SNORT/snort3 from ~SHRARANG/snort3:vdb_ci to master

Squashed commit of the following:

commit 5f9d8a09fb045bdff70841ce5aa6b4caeb8b80ab
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Sep 1 21:43:33 2021 -0400

    appid: prioritize appid's client detection over third-party

4 years ago Merge pull request #3060 in SNORT/snort3 from ~KATHARVE/snort3:portablility to master
Tom Peters (thopeter) [Fri, 17 Sep 2021 20:23:12 +0000 (20:23 +0000)] 
Merge pull request #3060 in SNORT/snort3 from ~KATHARVE/snort3:portablility to master

Squashed commit of the following:

commit 334e79aa67c4494c0f4c3814ca9eb1897b7cc7a1
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Sep 15 12:42:01 2021 -0400

    http_inspect: remove memrchr for portability

4 years ago Merge pull request #3056 in SNORT/snort3 from ~VHORBATO/snort3:replace_doc_update...
Mike Stepanek (mstepane) [Fri, 17 Sep 2021 14:00:04 +0000 (14:00 +0000)] 
Merge pull request #3056 in SNORT/snort3 from ~VHORBATO/snort3:replace_doc_update to master

Squashed commit of the following:

commit 442c4df5290bb247cbca8082017a07aef5ca1f6b
Author: Vitalii <vhorbato@cisco.com>
Date:   Mon Sep 13 11:41:16 2021 +0300

    doc: update the documentation of "replace" option and "rewrite" action